)
Fix NNP when already under root-created filter
Jann Horn (1):
seccomp: always propagate NO_NEW_PRIVS on tsync
kernel/seccomp.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
--
Kees Cook
ew Morton <a...@linux-foundation.org>
> Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
> Cc: David Howells <dhowe...@redhat.com>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Casey Schaufler <ca...@schaufler-ca.com>
> Cc: Ming Lei <ming@canonical.
sync_opt_cb(desc) ((desc)->cbs.sync.opt_fail_cb)
> +#define desc_sync_opt_context(desc)((desc)->cbs.sync.opt_fail_context)
> +static inline int desc_sync_opt_call_cb(const struct sysdata_file_desc *desc)
> +{
> + if (desc->sync_reqs.mode != SYNCDATA_SYNC)
>
--git a/mm/process_vm_access.c b/mm/process_vm_access.c
> index e88d071..5d453e5 100644
> --- a/mm/process_vm_access.c
> +++ b/mm/process_vm_access.c
> @@ -194,7 +194,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct
> iov_iter *iter,
> goto free_proc_pages;
> user-specified file, this could be used by an attacker to reveal
> the memory layout of root's processes or reveal the contents of
> files he is not allowed to access (through /proc/$pid/cwd).
>
> Signed-off-by: Jann Horn <j...@thejh.net>
Acked-by: Kees Cook <keesc...@chromiu
es have flags ORed into them.
>
> Signed-off-by: Jann Horn <j...@thejh.net>
Acked-by: Kees Cook <keesc...@chromium.org>
-Kees
> ---
> security/smack/smack_lsm.c | 8 +++-
> security/yama/yama_lsm.c | 4 ++--
> 2 files changed, 5 insertions(+), 7 deletions(-)
>
&
if (audit_enabled && (signr || unlikely(!audit_dummy_context(
> __audit_seccomp(syscall, signr, code);
> }
>
> @@ -498,7 +504,6 @@ extern int audit_rule_change(int type, __u32 portid, int
> seq,
> void *data, size_